makman

Somebody has to wear the black hat and give the audience someone to shake their fists at. They want someone to hate. And if that’s what you want to pay me to do, I’m happy to do it! – Jane Elliot If you’re not familiar with the concept of Hats in hacking, you’re probably at […]

vBulletin team has patched a critical object injection vulnerability in version 5.1.x, which can lead to Remote code execution. CVE-2015-7808 has been assigned to this vulnerability. The POC of this exploit was released by some guy on twitter after defacing the official portal of vBulletin using the same exploit. You can find the technical details here. […]

Introduction You guys know how I love to automate stuff. So earlier today I decided to automate the SQL injection vulnerability in open source CMS joomla (3.2 to 3.4.4) found by Trust Wave Labs here. CVE-2015-7297, CVE-2015-7857, and CVE-2015-7858 cover this SQL Injection vulnerability. I have used Google Scraper and Mass Exploiter from one of my previous […]

This post has the same goals as of the previous one i.e. to get root access on the target machine with just a PHP interface and no back-connect or reverse connection. So, if you haven’t already, read the part 1 of this post here [PHP][Python] Root Exploiter – No Back-Connect. In the previous version of this […]

I love to solve CTF challenges. Even though, most of the time these challenges are far from the actual real world scenarios but still I really enjoy ’em. These are like Games & Scavenger Hunts where at the end, You get to see a (very cool) Flag .. You can find the Challenge here. It’s a […]